Customer Privacy Policy

Introduction

This Privacy Policy explains how Enni Online Ltd ('Enni', 'we', 'us') collects, uses, and protects personal data when you use the Enni platform to search, list, or book facilities.

Who we are

Enni Online Ltd (Company No. 12684982) provides the Enni booking platform. Our registered address is 26 Minford Gardens, London, W14 0AN.

Unless stated otherwise, Enni is the data controller for processing described in this notice. For certain processing handled by venue operators (for example, on-site CCTV operated by a venue), those operators act as separate data controllers.

Scope of this notice

This notice applies to personal data about:

  • prospective and current Hirers (customers) who enquire or make bookings
  • Operators who list venues and facilities
  • visitors to our website or app and recipients of service communications

It does not cover employee or recruitment privacy notices.

Personal data we collect

We collect and process the following categories, as relevant:

  • Identity & contact: name, email, phone, organisation, role.
  • Booking details: venue/facility, dates, times, activity, attendee numbers, special requirements, messages.
  • Compliance information (where applicable): proof of insurance, safeguarding confirmations (e.g., where activities involve children), and similar documentation required by venue rules or law.
  • Payment information: billing address and payment status. Card and bank details are processed by our payment service providers; we do not store full card details.
  • Technical data: IP address, device identifiers, browser type, and basic analytics on how you use the platform.
  • Communications: emails, support requests, and feedback you send us.

CCTV at venues: Some venues may operate CCTV for security. Those systems are controlled by the relevant Operator, not by Enni; Operators decide what is captured and for how long.

Where we get your data

  • directly from you when you create an account, make an enquiry, or complete a booking
  • from Operators (e.g., to administer bookings and access control)
  • from payment providers (payment status, limited metadata)
  • from your device through cookies/analytics (see Cookies & analytics)

How we use your data

  • manage enquiries, accounts, listings, bookings, and customer support
  • process payments, refunds, and payouts and keep necessary records
  • verify compliance requirements where necessary for an activity or venue
  • personalise and improve the platform, including troubleshooting and analytics
  • protect security and prevent misuse or fraud
  • send essential service communications (booking confirmations, updates, invoices)

Sharing your data

We share personal data only as needed for the purposes above:

  • With Operators: booking details needed to provide access to the facility and deliver the service.
  • With payment service providers: to take payments, issue refunds, and make payouts. We do not store full card details.
  • With service suppliers: e.g., cloud hosting, support tools, analytics—bound by contracts and confidentiality.
  • With authorities: where required by law, to protect rights and safety, or in connection with legal claims.

We do not sell your personal data.

International transfers

If personal data is transferred outside the UK/EEA, we will ensure appropriate safeguards—such as the UK International Data Transfer Agreement (IDTA), UK Addendum to EU SCCs, or other approved mechanisms—are in place.

How long we keep it

  • Booking and account records: generally up to 7 years to meet tax and audit requirements.
  • Compliance records: for as long as required to evidence compliance and then securely deleted.
  • Support communications and logs: for operational needs and to improve the service, then anonymised or deleted.

We keep data longer only if the law requires it or to establish or defend legal claims.

Security

We use technical and organisational measures appropriate to the risk—such as encryption in transit, access controls, and regular backups—to protect personal data. We limit access to staff and suppliers who need it and who are bound by confidentiality obligations.

Your rights

Under UK data protection law, you can:

  • request access to your personal data
  • ask us to correct inaccurate or incomplete data
  • request deletion or restriction in certain circumstances
  • object to processing based on legitimate interests
  • withdraw consent where we rely on consent
  • request data portability (where applicable)

To exercise your rights, contact us at info@enni.space . We may need to verify your identity before responding.

Cookies & analytics

We use necessary cookies to make the site work and, with your consent where required, analytics cookies to understand usage and improve performance. You can manage cookies through your browser settings and (where implemented) our cookie banner preferences.

Automated decision-making / profiling

Enni does not make decisions producing legal or similarly significant effects solely by automated means. If this changes, we will update this notice and explain the logic involved and your rights.

Complaints

If you have concerns about our use of your data, please contact us first at info@enni.space . You also have the right to complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk/concerns .

Changes to this notice

We may update this Privacy Policy from time to time. If changes are material, we will notify you in advance via email or an in-app notice. The “Last updated” date below will change when we publish updates.

Contact us

For privacy questions or to exercise your rights, contact:

  • Email: info@enni.space
  • Post: Enni Online Ltd, 843 Finchley Road, London NW11 8NA

Last updated: 15 August 2025